daniel:// stenberg://May 6, 2025

The state of SSL stacks:

https://www.haproxy.com/blog/state-of-ssl-stacks

The State of SSL Stacks

The SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.

HAProxy Technologies
Show threadvsz
@bagder Not performance but security related; here's a CVE from 2019 that remains unfixed. OpenSSL finally acked it in 2024 as "feature request", with no plans to fix: https://github.com/openssl/openssl/issues/24528 It affects Windows. Forks fixed it throughout the years.
Windows, world-writable config path (re: CVE-2019-5443) · Issue #24528 · openssl/openssl

This is a long time problem, and opening a new Issue to give it some visibility and place to discuss. OpenSSL loads its config (openssl.cnf) from a disk location baked into the binary at build time...

GitHub
May 7, 2025 at 1:20pmWeb